The Hated One just released a video discussing some of the problems with Signal, and I agree with a lot of what he said, except for the recommendation to switch to Element.

Signal gets a lot of praise, and for good reason. It’s mostly well designed. However, it’s far from perfect. I’ve found it to be pretty stable (although the order of messages can be messed up on mobile), unlike Element (e.g. decryption errors for both parties), but there are various missing features, such as no support for message backups in the desktop application, something requested in a GitHub issue that has now been open for over five years! Not everybody wants to lose their messages when they switch devices Signal. It shouldn’t even be a difficult feature to implement.

There’s also the fact that you need a phone to even use the service, which was an awful design decision for a privacy messenger. The whole ‘privacy != anonymity’ argument to defend Signal is missing the point; namely, that a) you shouldn’t give out your phone number to strangers on the internet, b) there’s no need for this phone number requirement (lots of other services have managed with usernames just fine), and c) not everybody has a phone. I’ll admit that c) is unlikely nowadays, but the recommended solution of using a Google Voice number is ridiculous when the same people recommending Signal advocate against using Google services. Moreover, Google Voice requires a US phone number. It’s simply not as easy to obtain access to another phone number as some claim.

To make matters worse, Signal’s funding model is problematic. It doesn’t take a genius to realise that donations from ordinary people alone won’t be able to sustain huge amounts of bandwidth, especially when most people don’t donate to open source projects. In response to this realisation, Signal decided to join the cryptocurrency craze. What a terrible idea. Firstly, Signal is a messaging app, not a payment app. Secondly, instead of integrating Monero, the best privacy respecting cryptocurrency, they decided to rip off Monero and make a new cryptocurrency that’s worse, all whilst cashing in when people make transactions.

It’s honestly baffling why so many people defend legitimate criticisms of Signal as if they developed the app themselves. Stop burying your head in the sand and start thinking critically. The fact that support for usernames doesn’t appear to be coming any time soon, the limited business model, the disparity between features on different platforms (e.g. backups on Android but not on iOS and PC), and now the integration of cryptocurrency indicates the flawed nature of the service. If you can’t see that, it’s time to get your eyesight checked.

With that said, all the current messaging apps have problems, and Signal is one of the better ones out there. For anybody wondering why, here’s a summary of the current messaging platforms and why you shouldn’t use them:

Mainstream messengers

  • WhatsApp: owned by Facebook. Need I say more? Avoid it at all costs.
  • Facebook/Instagram Messenger: the clue is in the name. Also, not end-to-end encrypted by default, certain topics of conversation get censored (e.g. piracy links), and there are feature disparities between the web and app versions.
  • Snapchat: unencrypted data exists on their servers, Snapchat employees can access messages, there are concerns about facial recognition data being collected and shared, the app has been found to use the camera and microphone in the background, their privacy policy states that they collect lots of personal information, and there are adverts in the app.
  • Discord: well designed for everything but privacy and security. It’s not open source, and they will never support end-to-end encryption because they want to moderate chats and share data with law enforcement, meaning you should avoid it at all costs. You can be sure they’re mining your data like crazy based on their privacy policy.
  • Zoom: arguably the worst service anyone can use. They outright lied about the security of their product, lots of security vulnerabilities have been found, it has ties to China, it has been banned by governments, and it’s closed source.
  • Skype: are you having a laugh? Microsoft handed over Skype data as part of the PRISM surveillance program, it’s closed source, it’s not end-to-end encrypted by default, and the UI is god awful.
  • Kik Messenger: not end-to-end encrypted, closed source, you can’t delete messages from the other person’s device, there are adverts in the app, and it’s full of bots.

Privacy messengers

  • Telegram: lots of infosec individuals have criticised its security, it’s not end-to-end encrypted by default, all messages are permanently stored on the server by default, there’s no end-to-end encryption support in group chats, it doesn’t use the Signal protocol (MTProto is much worse), it leaks metadata, secret chats don’t sync between devices, and only the clients and API are open source.
  • Element: buggy (thousands of open GitHub issues) and somewhat poorly designed for non-technical people (e.g. awful error messages, technical terms, etc). I’m talking about messages that never get decrypted. What’s the point of a messenger that sends messages that are unreadable? There are also metadata concerns, and some of the staff on GitHub are unhelpful and come across as rude.
  • Keybase: acquired by Zoom, a company who blatantly lied about the security of their product. Enough said. No thanks. It’s also likely a dead project now that the Keybase team are working on Zoom.
  • Wickr: only the cryptographic code is open source, it was recently acquired by Amazon, based in the US, and there’s some metadata collection.
  • Threema: security vulnerabilities and poor design decisions have been found despite two audits, they engage in false marketing, it costs money to use, it used to be closed source, the server code is not open source, the servers know who is talking to who, there are no self-destructive messages, you can’t delete sent messages, and there’s no desktop application (it’s web only, although the repository has been in maintenance mode).
  • Session: apparently buggy (e.g. delayed messages, bad notifications, etc) and lacking in common features found in the other messengers (e.g. voice/video calls, pasting images from the clipboard on PC, etc). So, it needs more work at present. It’s also tied to cryptocurrency stuff, which is always off-putting, and the company is based in Australia, a country that hates end-to-end encryption. Furthermore, unlike Signal, it lacks forward secrecy, backward secrecy, and deniability, which are nice to have. However, it’s open source and has now been audited.
  • Wire: buggy, there are metadata concerns, the team has links to Skype, it got bought out by a US company, and they made a vague change to their privacy policy (‘sharing user data when necessary’) that can be considered concerning. However, the apps are open source, they have had several security audits, there’s no phone number requirement, and they don’t rely on donations.
  • Peer-to-peer apps (e.g. Briar): limited to a specialist audience for the most part. Many of these apps are also only available on one platform (e.g. Android). Furthermore, your contact must be online at the same time as you for messages to be delivered. Therefore, they’re hard to recommend.

Let’s hope Signal gets their act together and some of the above services improve enough to be recommended.

Note: Please contact me if I’ve missed something, managed to get anything factually wrong, or things have changed when you’re reading this.